After a legitimate copy of software is installed on a processing device, the software may be nonfunctional, or may have limited functionality until a user activates the software. Authentication components may authenticate software as being a genuine, or authorized, licensed copy of software. An activation exploit is a form of software that fools authentication components, such that counterfeit software may be authenticated as being a genuine copy of the software.
An activation exploit scanner may detect a presence of an activation exploit on a processing device in a number of different ways. For example, the activation exploit scanner may detect a presence of an activation exploit by finding a file having a particular hash value, or by other methods. Detailed detection algorithms that are specific to detecting a known activation exploit or a class of activation exploit may be called signatures.
Currently, an activation exploit scanner is bundled with signatures that may be operating-system-specific or application-specific. To scan for new activation exploits or activation exploits associated with a different operating system or application, the activation exploit scanner is rebuilt with new signatures, repackaged, and redeployed. As a result, the rebuilt activation exploit scanner is subjected to extensive and repetitive testing, in addition to functional testing, before being redeployed.